From patchwork Fri Jun  3 17:10:01 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ricardo Ribalda Delgado <ricardo.ribalda@gmail.com>
X-Patchwork-Id: 629942
Return-Path: <linux-gpio-owner@vger.kernel.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id 3rLrGH2qnpz9t4c
	for <incoming@patchwork.ozlabs.org>;
	Sat,  4 Jun 2016 03:11:03 +1000 (AEST)
Authentication-Results: ozlabs.org;
	dkim=fail reason="signature verification failed" (2048-bit key;
	unprotected) header.d=gmail.com header.i=@gmail.com header.b=W4Dsh4LI;
	dkim-atps=neutral
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S932216AbcFCRKo (ORCPT <rfc822;incoming@patchwork.ozlabs.org>);
	Fri, 3 Jun 2016 13:10:44 -0400
Received: from mail-lf0-f67.google.com ([209.85.215.67]:35831 "EHLO
	mail-lf0-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S932905AbcFCRKI (ORCPT
	<rfc822; linux-gpio@vger.kernel.org>); Fri, 3 Jun 2016 13:10:08 -0400
Received: by mail-lf0-f67.google.com with SMTP id s186so1834646lfs.2;
	Fri, 03 Jun 2016 10:10:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gmail.com; s=20120113;
	h=from:to:cc:subject:date:message-id;
	bh=ANLS4LHsDPSXA8o2LYHGyArTYqRQhtC34WyFmjBYQQI=;
	b=W4Dsh4LInGaZbIaYas7Taz9IFxgRUDiFE85YlXKzeMptoDy5fdPAdf9yBQkJUs2teW
	7eZ0dEbwgyFHYSfcTDAbiWEGiW9Nj4yIRz9SrNeU9RoCUXojr/RNvyv2UqYo/SD4nTa6
	SFSMjGygk2HqHLZ1ZemyUNXA4xGhyoR3LrwNOWWj65hKUK15yjTWteipIJ2KrXqjMAn7
	eHJvQNQdLftI/Ths7XtkVGkOoKyMu2SbIu5R8wvdTruEE6fhp8YJENO1yCtY1T4YuKTU
	smmft7inAnrlldaW/IKjGw6/WluLs9ANZH1Iy/DQVxo61CEuC45wZR3qDnsh53HT5353
	lNSQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20130820;
	h=x-gm-message-state:from:to:cc:subject:date:message-id;
	bh=ANLS4LHsDPSXA8o2LYHGyArTYqRQhtC34WyFmjBYQQI=;
	b=Ibl0SVQtaLFG3JI9VffgLdhH2ojMm1y5i57C1TgisIOvpDOuBpitD+F0u6+aJ/3JQV
	la8ampnqHONlKSjQRUw9GBTuwSYRwOCG1Q+ByVT/4xpad1fIXzBUsEJqWItD2OHB+ZWV
	6A6zBVP5tcqLVsr1ex1jlj1WOtAcA/2GODR/1zANpNIoPGHwlKSz8vV8bNR2isXbAZAt
	tNm477m/esJFNL7sPMtZEJdjrSeZpBLhGYOydqyycJ9bi3HJFFKEWqJum8tlMiISJYiI
	8c7a9gMWoCpHrrxV33cOmS7v55WxoZgFc22HuHhRNfFa8BdKc+cIvCcwoXWPyugfWpxi
	Gv4A==
X-Gm-Message-State: 
 ALyK8tIv5KRQbSIFtV/uH37+p+R5rOSKSgz8dov4Qghi6dp+iuELRV370ioFrBScHhyTfg==
X-Received: by 10.46.71.140 with SMTP id u134mr1314334lja.18.1464973806047;
	Fri, 03 Jun 2016 10:10:06 -0700 (PDT)
Received: from neopili.qtec.com
	(cpe.xe-3-0-1-778.vbrnqe10.dk.customer.tdc.net. [80.197.57.18])
	by smtp.gmail.com with ESMTPSA id
	u77sm426443lja.15.2016.06.03.10.10.04
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Fri, 03 Jun 2016 10:10:04 -0700 (PDT)
From: Ricardo Ribalda Delgado <ricardo.ribalda@gmail.com>
To: Linus Walleij <linus.walleij@linaro.org>,
	Alexandre Courbot <gnurou@gmail.com>,
	linux-gpio@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: Ricardo Ribalda Delgado <ricardo.ribalda@gmail.com>
Subject: [PATCH 1/2] gpiolib: Fix NULL pointer deference
Date: Fri,  3 Jun 2016 19:10:01 +0200
Message-Id: <1464973802-9286-1-git-send-email-ricardo.ribalda@gmail.com>
X-Mailer: git-send-email 2.8.1
Sender: linux-gpio-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-gpio.vger.kernel.org>
X-Mailing-List: linux-gpio@vger.kernel.org

Under some circumstances, a gpiochip might be half cleaned from the
gpio_device list.

This patch makes sure that the chip pointer is still valid, before
calling the match function.

[  104.088296] BUG: unable to handle kernel NULL pointer dereference at
0000000000000090
[  104.089772] IP: [<ffffffff813d2045>] of_gpiochip_find_and_xlate+0x15/0x80
[  104.128273] Call Trace:
[  104.129802]  [<ffffffff813d2030>] ? of_parse_own_gpio+0x1f0/0x1f0
[  104.131353]  [<ffffffff813cd910>] gpiochip_find+0x60/0x90
[  104.132868]  [<ffffffff813d21ba>] of_get_named_gpiod_flags+0x9a/0x120
...
[  104.141586]  [<ffffffff8163d12b>] gpio_led_probe+0x11b/0x360

Signed-off-by: Ricardo Ribalda Delgado <ricardo.ribalda@gmail.com>
---

We might want to cc: stable on these two patches

 drivers/gpio/gpiolib.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/gpio/gpiolib.c b/drivers/gpio/gpiolib.c
index d407f904a31c..0626cc96744b 100644
--- a/drivers/gpio/gpiolib.c
+++ b/drivers/gpio/gpiolib.c
@@ -858,7 +858,7 @@ struct gpio_chip *gpiochip_find(void *data,
 
 	spin_lock_irqsave(&gpio_lock, flags);
 	list_for_each_entry(gdev, &gpio_devices, list)
-		if (match(gdev->chip, data))
+		if (gdev->chip && match(gdev->chip, data))
 			break;
 
 	/* No match? */